The ever-growing list of cybersecurity threats looks like something out of a 21st century version of “The Wizard of Oz” — but instead of lions and tigers and bears (oh my!), today’s security professionals must contend with Internet of Things (IoT) data leaks, fragmented cloud infrastructures due to regulations, augmented intelligence (AI)-powered malware and trusted professionals creating a new type of insider threat. This is just a small sample of the emerging threats looming in the shadows of cybersecurity.

Why should you care about tomorrow’s threats today? If you have a better idea of what’s coming over the threat horizon, you can create a better incident response plan to limit or prevent these threats from affecting your data, business and customers. Luckily, forward-looking studies such as the Information Security Forum (ISF)’s “Threat Horizon 2020” report allow business leaders and chief information security officers (CISOs) to better strategize and develop a proactive security system.

Threats Are at an All-Time High

It’s not a stretch to say that we are at a breaking point in cybersecurity. In fact, the final quarter of 2017 saw threat levels at an all-time high. One reason for this surge is that the bad guys are constantly recreating the threat horizon itself, developing new tactics and upgrading strategies for old tactics.

The ISF report noted that technology is outpacing security controls and the pressure to keep up with threats is skewing security professionals’ judgment. Let’s take a closer look at how these two themes fit into the threat horizon, and explore how organizations can overcome these hurdles and improve their incident response and security control systems.

Technology Outpaces Controls

A few years ago, the average person knew nothing about the IoT, and clouds were still just fluffy white things in the sky. Now, everything in your house can be connected and controlled by an app on your smartphone through cloud computing architecture.

Many vendors are more concerned with introducing their technology into the market as quickly as possible than they are with securing those apps and devices. The bad guys know that security controls are an afterthought and take advantage of this lack of awareness to spread malware in novel ways that catch security teams off guard. Take the Mirai botnet, for example, which used IoT devices to infect networks and take down popular websites with a massive distributed denial-of-service (DDoS) attack.

Pressure Skews Judgment

All these new technologies can put a serious strain on your network. Couple this with ever-changing regulations and the growing burden on employees to be diligent about threats, and you have an environment that is filled with pressure, which can affect security professionals’ judgment. They know they have to provide good security platforms, so they may be tempted to focus on quantity and not quality — adding all the bells and whistles of a top security system but not covering the basic areas that need higher levels of protection. They may put a lot of emphasis on perimeter security, for example, when the greatest risk area is actually privileged access management.

Scoping Out the Threat Horizon

Security incidents occur largely because organizations are unprepared. Cybersecurity has long been reactive rather than proactive, focusing on response before prevention. By the time a threat is addressed, the damage is done. This is only going to get worse given the increasing sophistication of the attacks looming on the threat horizon.

“Over the coming years, the very foundations of today’s digital world will shake — violently,” said Steve Durbin, ISF’s managing director. “Innovative and determined attackers, along with seismic changes to the way organizations conduct their operations, will combine to threaten even the strongest establishments. Only those with robust preparations will stand tall.”

Yet, surprisingly few companies have robust preparations in place. A solid incident response plan requires more than just a security platform or a security operations center (SOC). It should take into consideration the scope of business operations and where the greatest risks lie. For example, what kind of incident would constitute a catastrophe for the organization versus a mere inconvenience?

If security professionals don’t understand the company’s risk tolerance, they cannot institute the right type or level of response. The response plan should also designate who is in charge and who has authorization to address potential threats. Finally, incident response requires teamwork. Business leaders must determine when the legal team should be brought in and who will act as the voice of the company in a worst-case scenario.

By keeping their eyes fixed on the threat horizon, security professionals and business leaders can develop the right incident response strategy and put the organization in a better position to fend off the lions, tigers and bears looming in the shadows of the cybersecurity landscape.
